CVE 2020-10702
A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.
Related bugs and status
CVE-2020-10702 (Candidate) is related to these bugs:
Bug #1749393: sbrk() not working under qemu-user with a PIE-compiled binary?
Bug | Summary | In | Importance | Status
---|---|---|---|---
1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | QEMU | Undecided | Fix Released
1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | qemu (Ubuntu) | Undecided | Fix Released
1749393 | sbrk() not working under qemu-user with a PIE-compiled binary? | qemu (Ubuntu Focal) | Medium | Fix Released
Bug #1859713: ARM v8.3a pauth not working
Bug | Summary | In | Importance | Status
---|---|---|---|---
1859713 | ARM v8.3a pauth not working | QEMU | Undecided | Fix Released
Bug #1871830: using QEMU_MODULE_DIR and CONFIG_MODULE_UPGRADES at the same time can crash qemu
Bug | Summary | In | Importance | Status
---|---|---|---|---
1871830 | using QEMU_MODULE_DIR and CONFIG_MODULE_UPGRADES at the same time can crash qemu | qemu (Ubuntu) | Critical | Fix Released
Bug #1872107: QEMU KVM live migration crashes when the VM is in booting state
Bug | Summary | In | Importance | Status
---|---|---|---|---
1872107 | QEMU KVM live migration crashes when the VM is in booting state | qemu (Ubuntu) | Undecided | Fix Released
1872107 | QEMU KVM live migration crashes when the VM is in booting state | qemu-kvm | Unknown | Unknown
Bug #1872937: Fetch recent CVE and packaging fixes
Bug | Summary | In | Importance | Status
---|---|---|---|---
1872937 | Fetch recent CVE and packaging fixes | qemu (Ubuntu) | Critical | Fix Released
Bug #1878534: iPhone USB passthrough crashes Windows 10 guest
Bug | Summary | In | Importance | Status
---|---|---|---|---
1878534 | iPhone USB passthrough crashes Windows 10 guest | qemu (Ubuntu) | Undecided | Incomplete
1878534 | iPhone USB passthrough crashes Windows 10 guest | qemu (Debian) | Unknown | Fix Released
Bug #1887763: new default qemu TCG sizes exceed common CI setups
Bug | Summary | In | Importance | Status
---|---|---|---|---
1887763 | new default qemu TCG sizes exceed common CI setups | qemu (Ubuntu) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.